End-of-Shift report
Timeframe: Wednesday 05-10-2016 18:00 - Thursday 06-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Symantec Web Gateway Management Console Interface Command Injection
Symantec has released an update for the Symantec Web Gateway (SWG) Management Console Interface to address a command injection issue that allowed validation restrictions to be bypassed in order to add an unauthorized whitelist entry.
Highest severity issue: Medium
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161005_00
NIST: People have given up on cybersecurity - it's too much hassle
To help change people's mental models so that they will participate in cybersecurity, Theofanos said technology professionals have to do more work for the people using their products, so that people don't need to make too many decisions. "We need to make it easy for them to do the right thing," she said. "We need to make these things habits, so they don't really have to think about it."
http://www.theregister.co.uk/2016/10/06/go_ahead_steal_my_muffin_recipe/
Spotify: Free version delivered malware for Windows and Mac
Apparently injected via third-party advertising - Spotify confirms the incident and apologises to users
http://derstandard.at/2000045458665
Malicious actions not necessarily focused on causing disruptions in TELECOM, but system failures still are
ENISA publishes its Annual Incidents report which gives the aggregated analysis of the security incidents causing severe outages in 2015.
https://www.enisa.europa.eu/news/malicious-actions-not-necessarily-focused-on-causing-disruptions-in-telecom-but-system-failures-still-are
Beware of malware distribution via Steam chat
There are currently increasing reports that criminals are sending links to websites hosting trojans via hijacked Steam accounts.
https://heise.de/-3342136
Denial of Service Vulnerability in Citrix License Server
A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server.
This vulnerability affects all versions of Citrix License Server for Windows and Citrix License Server VPX earlier than version 11.14.0.1.
This vulnerability has been assigned the following CVE number: CVE-2016-6273
http://support.citrix.com/article/CTX217430
Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation
A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA.
The vulnerability affects all versions of the Citrix Linux VDA earlier than version 1.4.0.
This vulnerability has been assigned the following CVE number: CVE-2016-6276
http://support.citrix.com/article/CTX216628
Security patches: Foxit pre-empts attacks on Reader and PhantomPDF
The developers close several critical holes in the Linux, OS X and Windows versions.
https://heise.de/-3341878
Wave your false flags!
Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting "False Flag" timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups.
http://securelist.com/analysis/publications/76273/wave-your-false-flags/
Announcing CERT Basic Fuzzing Framework Version 2.8
Today we are announcing the release of the CERT Basic Fuzzing Framework Version 2.8 (BFF 2.8). It's been about three years since we released BFF 2.7. In this post, I highlight some of the changes we've made.
https://insights.sei.cmu.edu/cert/2016/10/announcing-cert-basic-fuzzing-framework-bff-28.html
Palo Alto PAN-OS GlobalProtect Portal Web Interface Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1036968
Ransomware Cerber learns new tricks and encrypts even more
Security researchers warn of a new version of the ransomware which, among other things, can now terminate certain running processes in order to get hold of databases (a running database keeps its files open and locked, so the ransomware stops it first and then encrypts the files).
https://heise.de/-3341992
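Because the ransomware has to stop database processes before it can touch their files, that step is a usable detection point in process-creation telemetry. The following script is an added example, not code from the heise article or from the Cerber sample: it runs over a constructed sample of process-creation events (the log lines, the parent image `rad1B3.tmp.exe` and the timestamps are all invented for the example) and flags `taskkill`, `net stop` and `sc stop` invocations aimed at database processes or services. The lists `DB_PROCESSES` and `DB_SERVICES` are an assumption chosen for illustration, not a list taken from the malware.

```python
import re
from typing import Dict, List

# Assumed (illustrative) names of database processes and Windows services
# that a ransomware would want stopped before encryption.
DB_PROCESSES = {"mysqld", "sqlservr", "postgres", "oracle", "mongod", "sqlwriter"}
DB_SERVICES = {"mysql", "mssqlserver", "postgresql", "mongodb", "sqlwriter"}

# Constructed parent image used in the sample log below (not a real indicator).
SUSPECT_PARENT = r"C:\Users\bob\AppData\Local\Temp\rad1B3.tmp.exe"

# Constructed sample of process-creation events: timestamp, parent image, command line.
SAMPLE_LOG: List[Dict[str, str]] = [
    {"ts": "10:01:02", "parent": r"C:\Windows\explorer.exe", "cmd": "notepad.exe"},
    {"ts": "10:02:10", "parent": SUSPECT_PARENT, "cmd": "taskkill /F /IM mysqld.exe"},
    {"ts": "10:02:11", "parent": SUSPECT_PARENT, "cmd": "taskkill.exe /F /IM sqlservr.exe /T"},
    {"ts": "10:02:12", "parent": SUSPECT_PARENT, "cmd": "net stop MSSQLSERVER /y"},
    {"ts": "10:05:00", "parent": r"C:\Windows\System32\services.exe", "cmd": "sc stop Spooler"},
    {"ts": "10:06:00", "parent": r"C:\Windows\explorer.exe", "cmd": "taskkill /IM chrome.exe"},
    {"ts": "10:07:30", "parent": r"C:\Program Files\Backup\agent.exe", "cmd": "net stop postgresql-x64-9.5"},
]

TASKKILL_RE = re.compile(r"\btaskkill(?:\.exe)?\s+(?P<args>.*)", re.I)
IM_RE = re.compile(r'/im\s+"?(?P<img>[^"\s]+)', re.I)
NETSTOP_RE = re.compile(r'\bnet1?(?:\.exe)?\s+stop\s+"?(?P<svc>[^"\s]+)', re.I)
SCSTOP_RE = re.compile(r'\bsc(?:\.exe)?\s+stop\s+"?(?P<svc>[^"\s]+)', re.I)


def _is_db_target(name: str) -> bool:
    """True if a process image or service name looks like one of our database names."""
    n = name.lower()
    if n.endswith(".exe"):
        n = n[:-4]
    # Prefix match so that versioned service names (postgresql-x64-9.5) still hit.
    return any(n == d or n.startswith(d) for d in DB_PROCESSES | DB_SERVICES)


def db_kill_targets(cmdline: str) -> List[str]:
    """Return the database processes/services a single command line tries to stop."""
    targets: List[str] = []
    m = TASKKILL_RE.search(cmdline)
    if m:
        for im in IM_RE.finditer(m.group("args")):
            if _is_db_target(im.group("img")):
                targets.append(im.group("img"))
    for rx in (NETSTOP_RE, SCSTOP_RE):
        m = rx.search(cmdline)
        if m and _is_db_target(m.group("svc")):
            targets.append(m.group("svc"))
    return targets


def analyze(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """One alert per event that stops a database process or service."""
    alerts: List[Dict[str, object]] = []
    for ev in events:
        targets = db_kill_targets(ev["cmd"])
        if targets:
            alerts.append({"ts": ev["ts"], "parent": ev["parent"], "targets": targets})
    return alerts


def suspicious_parents(alerts: List[Dict[str, object]], threshold: int = 2) -> List[str]:
    """Parents that stopped at least `threshold` database targets: a single
    'net stop' from a backup agent is routine, a burst from one unknown
    binary in %TEMP% is the ransomware pattern."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a["parent"]] = counts.get(a["parent"], 0) + len(a["targets"])  # type: ignore[arg-type]
    return sorted(p for p, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["parent"]} -> {", ".join(a["targets"])}')  # type: ignore[arg-type]
    print("suspicious parents:", suspicious_parents(found))
```

The per-event alerts are deliberately kept separate from the parent-level verdict: administrators and backup agents legitimately stop one database service now and then, so the actionable signal is several database stops in quick succession from a parent that is not a known administration tool.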
Cisco Security Advisories
Cisco ASA Software DHCP Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1
Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
Cisco Nexus 9000 Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo
Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr
Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev
Cisco Firepower Management Center Console Local File Inclusion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
Cisco Firepower Management Center Console Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
Cisco Firepower Threat Management Console Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2
Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1
Cisco Host Scan Package Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs
Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst
Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp
IBM Security Bulletins
IBM Security Bulletin: A vulnerability in crypto++ affects PowerKVM (CVE-2016-3995)
http://www.ibm.com/support/docview.wss?uid=isg3T1024263
IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024236
IBM Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)
http://www.ibm.com/support/docview.wss?uid=isg3T1024261
IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024270
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2016 CPU (CVE-2016-3485) that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud.
http://www-01.ibm.com/support/docview.wss?uid=swg21991149
IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller and Storwize Family (CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009284
IBM Security Bulletin: Vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2947)
http://www.ibm.com/support/docview.wss?uid=swg21991477
IBM Security Bulletin: XStream XML information disclosure vulnerability affects IBM Rational Quality Manager (CVE-2016-3674)
http://www.ibm.com/support/docview.wss?uid=swg21991406
IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2016-0359, CVE-2016-3092, CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21990062
IBM Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LMS (CVE-2016-2510)
http://www-01.ibm.com/support/docview.wss?uid=swg21987703
IBM Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024322
IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024264
IBM Security Bulletin: Vulnerabilities in nginx affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024237
IBM Security Bulletin: A vulnerability in NRPE affects PowerKVM (CVE-2014-2913)
http://www.ibm.com/support/docview.wss?uid=isg3T1024235
IBM Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212)
http://www.ibm.com/support/docview.wss?uid=isg3T1024260
IBM Security Bulletin: A vulnerability in pigz affects PowerKVM (CVE-2015-1191)
http://www.ibm.com/support/docview.wss?uid=isg3T1024213
IBM Security Bulletin: A vulnerability in ganglia affects PowerKVM (CVE-2015-6816)
http://www.ibm.com/support/docview.wss?uid=isg3T1024262